Installing EFS and EBS CSI drivers on AWS
Procedure
- For Cloud Pak foundational services on EKS, make sure
that you install EBS as a storage class.
- Install IAM for EBS and then use the console to install EBS as an add-on. Make sure to
edit the
--cluster
,--name
, and--role-name
fields.export cluster_name=gi-eks # Choose your EKS cluster_name that you have created oidc_id=$(aws eks describe-cluster --name $cluster_name --region=${region} --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5) eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve
export cluster_name=gi-eks # Choose your EKS cluster_name that you have created export ebs_role_name=AmazonEKS_EBS_CSI_DriverRole_XXXX # Make sure the role_name is unique, e.g. AmazonEKS_EBS_CSI_DriverRole_Reza export region=us-east-2 # Make sure that you choose the right region where you cluster is created echo "IMPORTANT: Please make sure that you will use a unique `role_name` as it may cause conflict with pre-existing rolenames in your aws account." eksctl create iamserviceaccount \ --name ebs-csi-controller-sa \ --namespace kube-system \ --cluster ${cluster_name} \ --region ${region} \ --role-name ${ebs_role_name} \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy \ --approve
- Locate your AWS account ID by using this command (see here for more information):
export awsID=346824953529 # Make sure to update your awsID accordingly eksctl create addon --name aws-ebs-csi-driver --cluster ${cluster_name} --region=${region} --service-account-role-arn arn:aws:iam::${awsID}:role/${ebs_role_name} --force
Replace
my-cluster
with the name of your cluster346824953529
with your account IDAmazonEKS_EBS_CSI_DriverRole
with the name of the IAM role created earlier- If your cluster is in the AWS GovCloud (US-East) or AWS GovCloud (US-West) AWS regions, then
replace
arn:aws:
witharn:aws-us-gov:
- To confirm that the EBS driver is installed, run this command:
eksctl get addon --name aws-ebs-csi-driver --cluster ${cluster_name} --region=${region} 2024-06-28 09:39:41 [ℹ] Kubernetes version "1.30" in use by cluster "gi-test" 2024-06-28 09:39:42 [ℹ] to see issues for an addon run `eksctl get addon --name <addon-name> --cluster <cluster-name>` NAME VERSION STATUS ISSUES IAMROLE UPDATE AVAILABLE CONFIGURATION VALUES aws-ebs-csi-driver v1.31.0-eksbuild.1 Active 1 arn:aws:iam::346824953529:role/AmazonEKS_EBS_CSI_DriverRole-t Issue: {Code:InsufficientNumberOfReplicas Message:The add-on is unhealthy because it doesn't have the desired number of replicas. ResourceIDs:[]}
See https://docs.aws.amazon.com/eks/latest/userguide/managing-ebs-csi.html for more information.
- Install IAM for EBS and then use the console to install EBS as an add-on. Make sure to
edit the
- For Guardium® Insights, make sure that you have
both EBS and EFS storage classes on Amazon EKS.
- Install the EFS driver on AWS:
export cluster_name=gi-eks # Choose your EKS cluster_name that you have created export efs_role_name=AmazonEKS_EFS_CSI_DriverRole_XXXX # Make sure the role_name is unique, e.g. AmazonEKS_EFS_CSI_DriverRole_Reza export region=us-east-2 # Make sure that you choose the right region where you cluster is created eksctl create iamserviceaccount \ --name efs-csi-controller-sa \ --namespace kube-system \ --cluster ${cluster_name} \ --region=${region} \ --role-name ${efs_role_name} \ --attach-policy-arn arn:aws:iam::aws:policy/service-role/AmazonEFSCSIDriverPolicy \ --approve
- Locate your AWS account ID by using this command (see here for more information):
export awsID=346824953529 # Make sure to update your awsID accordingly eksctl create addon --name aws-ebs-csi-driver --cluster ${cluster_name} --region=${region} --service-account-role-arn arn:aws:iam::${awsID}:role/${ebs_role_name} --force
Replace
my-cluster
with the name of your cluster346824953529
with your account IDAmazonEKS_EBS_CSI_DriverRole
with the name of the IAM role created earlier- If your cluster is in the AWS GovCloud (US-East) or AWS GovCloud (US-West) AWS regions, then
replace
arn:aws:
witharn:aws-us-gov:
- To confirm that the EFS driver is installed, run this command:
eksctl get addon --name aws-efs-csi-driver --cluster ${cluster_name} 2024-06-28 09:41:15 [ℹ] Kubernetes version "1.30" in use by cluster "gi-test" 2024-06-28 09:41:16 [ℹ] to see issues for an addon run `eksctl get addon --name <addon-name> --cluster <cluster-name>` NAME VERSION STATUS ISSUES IAMROLE UPDATE AVAILABLE CONFIGURATION VALUES aws-efs-csi-driver v2.0.4-eksbuild.1 Active 1 arn:aws:iam::346824953529:role/AmazonEKS_EFS_CSI_DriverRole-new Issue: {Code:InsufficientNumberOfReplicas Message:The add-on is unhealthy because it doesn't have the desired number of replicas. ResourceIDs:[]}
See https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html for more information.
- Install the EFS driver on AWS: